A dodgy anti-virus update from McAfee on Wednesday wrongly identified legitimate JavaScript files as a virus in the second such screw-up by a major security vendor in less than a week.

As a result of the snafu McAfee users who applied the update were falsely warned that their systems were infected by the Exploit-BO JavaScript virus after visiting sites including ESPN and Friendster, the SANS Institute's Internet Storm Centre warns.

The dodgy update is DAT 5197 released on January 2. McAfee pulled the update and issued a replacement signature update (DAT 5198) shortly afterwards.

Faulty anti-virus signature updates are not uncommon across the industry. Spookily rival vendor CA experienced exactly the same type of problem, again involving legitimate JavaScript files been falsely identified as viruses only on Monday. This suggests a general difficulty in tuning heuristic (generic) detection of anti-signature tools to recognise the difference between legitimate JavaScript apps and malware. ®

Related stories

• McAfee slaps Trojan warning on MS Office Live (6 August 2008)
• Yahoo! Messenger! Trojan! false alarm! (13 June 2008)
• 'Hacker Safe' leader defrauded investors, prosecutors say (19 May 2008)
• Underground tools foil generic virus detection (3 March 2008)
• Updated CA issues false warning on JavaScript apps (31 December 2007)
• Anti-virus protection gets worse (21 December 2007)
• Kaspersky false alarm quarantines Windows Explorer (20 December 2007)
• Win 2000 anti-virus products fail independent tests (4 December 2007)
• AVG cries wolf at Adobe Reader (31 August 2007)
• False positives run amok in Vista anti-virus tests (3 August 2007)
• Norton labels Nasa app as adware (17 July 2007)
• Dodgy anti-virus update bunfight goes to court (9 July 2007)
• McAfee ate my system (14 March 2006)